Vous êtes sur la page 1sur 72

Project Risk Management

A DEVELOMENT INSTITUTION’s
PERSPECTIVE

2

M I Khan

05/19/16

3

M I Khan

05/19/16

“The combination of the probability of an event and its consequences”  “Effect of uncertainty on objectives” (ISO 31000(2009) /ISO Guide 73:2002) Uncertainties include events (which may or not happen). Uncertainties caused by ambiguity or a lack of information. (developed by an international committee representing over 30 countries and is based on the input of several thousand subject matter experts.) 4 M I Khan 05/19/16 .Risk-Defined A situation involving exposure to danger. and Also includes both negative and positive impacts on objectives .

A project is a temporary endeavor with a defined beginning and end (usually time-constrained. and often constrained by funding or deliverables).PROJECT and PROJECT MANAGEMENT Project: An individual or collaborative enterprise planned and designed to achieve an aim. typically to bring about beneficial change or added value 5 M I Khan 05/19/16 . undertaken to meet unique goals and objectives.

Project Management is the discipline of Planning. 6 M I Khan 05/19/16 . Organizing. Securing. and Managing resources to achieve specific goals.

One of the nine knowledge areas defined in PMBOK (Project Management Body of Knowledge) 7 M I Khan 05/19/16 . securing and managing resources (Management) to harness/control/manage the effects of uncertainties on objectives (Risk)of a temporary endeavor (project). organizing.PROJECT RISK MANAGEMENT (PRM) From above definitions PRM:  Art and science of planning.

Risk Management Is a Comprehensive System that includes: Creating an appropriate risk management environment Maintaining an efficient Risk Measurement Mitigating and Monitoring Process Establishing an Adequate Internal Control Arrangement Core of the Strategic Management of the Company It is the process whereby organizations methodically address the risks attaching to their activities with the goal of achieving sustained benefit within each activity and across the portfolio of all activities. 8 M I Khan 05/19/16 .

monitor.OR Risk Management is the. Assessment. 9 M I Khan 05/19/16 . and prioritization of risks Monitoring followed by coordinated and economical application of resources to minimize. and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities. Identification.

and reduces both the probability of failure and the uncertainty of achieving the organization's overall objectives. It increases the probability of success.Why Risk Management: Its objective is to add maximum sustainable value to all the activities of the organization. It marshals the understanding of the potential upside and downside of all those factors which can affect the organization. Healthy Stress?? Vs the bad stress 10 M I Khan 05/19/16 .

. capital. (human.ROOTS OF UNCERTAINTY            11 Stakeholders Objectives Variety of Resources. material.) Project Organizations Scope of work Cost Time Delivery of Quantified and Qualitative objectives Technologies Environment Regulators M I Khan 05/19/16 .

etc.Roots of Uncertainty are associated with who Why What Who are the parties ultimately involved (Executing Agencies. objectives.) What is it the parties interested in (design) Whichway How is to be done (activities) Wherewithal What resources are required (resources) When when does it have to be done (Schedule... timetable) 12 M I Khan 05/19/16 . partners.) What do they want (motives.

13 M I Khan 05/19/16 .

Role of Risk Management Risk Identification Risk Appraisal Risk Management Focus of downside of risk Exploit Opportunities arising from risks 14 M I Khan 05/19/16 .

Types of Risks 15 M I Khan 05/19/16 .

16 M I Khan 05/19/16 .

nondiversifiable unsystematic . . specific to firm or assets. diversifiable ProjectSpecific Risks Competiti ve Risks Internatio nal Risk Political Legal 17 Industryspecific Risks Legal Market Risk Systematic risk can not be diversified however parts of the risk can be reduced through risk mitigation and transfering 05/19/16 techniques.Types of Risk Systematic.

Human errors (incompetence. corruption) IT failure Inadequate human resurces Operational Risks Legal Risks?? 18 M I Khan EXTERNAL Political risk Country Risk Market Risk Currency Risk Interest Rate Risk Counter-part Risk Credit or default Risk Environmental Risk 05/19/16 .SOURCES of RISKS INTERNAL Process Resourc Inadequate internal es es controls. inexperienced.

19 M I Khan 05/19/16 .

usually associated with leverage with the risk that obligations and liabilities can not be met with present assets 20 05/19/16 .Business Risk vs Financial Risk Business risk arises from the nature of firms business. financial and operational risk Financial risks arises from possible losses in financial markets due to movements in financial variables. compliance risks. Strategic risk.

Practice Risk Classification for Risk of Management understanding Financial Institution is to take Risk that can be eliminated up Those that can be transferred activities in which Risks that can be managed risks can be by the institution efficiently Financial managed Three Types of Risks X 21 Intermediaries would avoid certain risks by business practices and will not take up activities that impose risk upon them M I Khan shift risks and that can be 05/19/16 transferre .

assigning responsibility  throughout the organisation with each  manager and employee responsible for the  management of risk as part of their job  description.  performance measurement and reward.  thus promoting operational efficiency at  all levels. It must be integrated into the culture of  the organisation with an effective policy  and a programme led by the most senior  management. It supports accountability. 22 M I Khan 05/19/16 . It must translate the  strategy into tactical and operational  objectives.

RISK MANAGEMENT PROCESS

23

M I Khan

05/19/16

Risk Management Process
 According to the standard ISO 31000 "Risk management

-- Principles and guidelines on implementation," the
process of risk management consists of several steps as
follows:
 Establishing the context involves:
1. Identification of risk in a selected domain of interest
2. Planning the remainder of the process.
3. Mapping out the following:
 the social scope of risk management
 the identity and objectives of stakeholders
 the basis upon which risks will be evaluated, constraints.

4. Defining a framework for the activity and an agenda for

identification.
5. Developing an analysis of risks involved in the process.
6. Mitigation or Solution of risks using available
technological, human and organizational resources.
24

M I Khan

05/19/16

Risk Management Principals
ISO identifies the following principles of risk management:
Risk management should:
create value - resources expended to mitigate risk should
generally exceed the consequence of inaction, or (as in value
engineering), the gain should exceed the pain
be an integral part of organizational processes
be part of decision making
explicitly address uncertainty and assumptions
be systematic and structured
be based on the best available information
be tailorable
take into account human factors
be transparent and inclusive
be dynamic, iterative and responsive to change
be capable of continual improvement and enhancement
be continually or periodically re-assessed
25

M I Khan

05/19/16

RISK MANAGEMENT PROCESS (RMP) Associati on of Project Manager s (APM) Project Risk Analysis and Manage ment (PRAM) 26 M I Khan 05/19/16 .

27 M I Khan 05/19/16 .

(SCRET)Synergistic Contingency Evaluation and Review Techniques by BP International 28 M I Khan 05/19/16 .

Uncover any gap in consolidation phase (gaps shall not exist but in reality needs to be checked) 29 M I Khan 05/19/16 . Consolidate info about project.Define Focus Identify Structur e Owners Define phase: Define the Project for Risk hip Management Purpose Estimat 1. Resource usage implication specified. e Evaluat  Project Objectives clearly stated. Stake holders interest defined 2. Underlying issues like design described. Associated Timing. Project scope. e Plan Project Strategy Manage RPM Activity Plan (at higher level: Simple).. eg.

a quantitative approach may be required. costs. verify. Culminate – in a tactical plan for risk management process Document.what time frame? What resources. why is the formal RMP required. a qualitative approach may be appropriate. Scope covers issues like who is analyst. what software etc. RMP used for budgets. what is the scope of the relevant risk Plan the Process. what models (techniques) to be applied.. Define RPM  Focus  Identify  Structur e Focus The Risk Management Process: Define RMP scope and strategy Eg. testing viability of a project.. bid prices. assess and report 30 M I Khan  Owners hip  Estimat e  Evaluate  Plan  Manage 05/19/16 .

brainstorming.  Owners hip  Estimat e  Evaluate  Plan  Manage Classsify: Provide suitable structure for defining risks and responses. checklist. verify. Define  Focus RPM  Identify  Structur e Identify the Risk and Responses: Sources of Risk and response Search for Sources of Risks by pondering.. assess and report 31 Deliverables: MKey I Khan Opportunities Threats and 05/19/16 . aggregating/ disaggregating variables Document. surveys etc.

Description of Risk 32 M I Khan 05/19/16 .

 Define RPM  Focus  Identify  Structur e  Owners hip  Estimat e  Evaluate  Plan  Manage 33 M I Khan 05/19/16 .

verify.possible revision to the precedence relationships fro project activities assumed in Define Phase.Review and develop existing classification: new classification structure may be defined distinguishing specific and General responses. 1.Developing ordering. assess and report.Refine Classification. Also devloping of responses. Needed for setting priorities for project and process planning and presentation. risks. 2. M I ordering Khan Document.Explore Interactions.  Define  Focus  Identify  Structur e  Owners hip  Estimat e  Evaluate  Plan  Manage 05/19/16 . responses and understand the reasons of interdependencies. 3.Review and explore interdependencies or links between project activities.RPM Develop the Analysis Structure: 34 Test Simplifying Assumptions and Provide more complex structure when necessary.

To distinguish the ownership and responses that the client is prepared to own and manage from those of other organizations (contractors. 3.  Identify  Structur e  Owners hip  Estimat e  Evaluate  Plan  Manage Document. guarantors…) 2. JV. Define RPM  Focus Clarify Ownership Issues: 1. verify. assess and report Key Deliverables: for contracts. 35 M I Khan Scope of policy and plan 05/19/16 .To allocate responsibility for manageing risks and responses owned by the client to named individuals.To approve ownership/ management allocations controlled by contractors. third parties.

assess and report 36 Key Deliverables: Select an appropriate risk.  Define  Focus  Identify  Structur e  Owners hip  Estimat e  Evaluate  Plan  Manage Document. refine earlier M I (probability. verify. scope and uncertainty numbers. Khan estimates.RPM Estimate in Terms of Scenario and Numbers : 1)Identify areas of the project “reference plan” which may involve significant uncertainty and need more attention in terms of data and analysis 2)To identify areas of the project reference plan which clearly involve significant uncertainty and clearly require careful decisions . 05/19/16 .). etc. judgments by the tem.

Consequence-both threats and opportunities 37 M I Khan 05/19/16 .

and comparative analysis of the implications of responses to these difficulties 38 M I Khan 05/19/16 . verify. assess and report Key Deliverables: Diagnosis of any and all difficulties.RPM Evaluate the Numbers and Scenarios: May be coupled with Estimate Phase Deliverable highly depends on preceding phases. before proceeding further is the key decision at this stage. looping back to the earlier phases.  Define  Focus  Identify  Structur e  Owners hip  Estimat e  Evaluate  Plan  Manage Document.

to reach joint decisions. other purposes for plans. base plans and contingency plans. planning is everything. Selecting and evaluating action horizon. M I Khan Uses all proceeding RMP processes to  Define  Focus  Identify  Structur e  Owners hip  Estimat e  Evaluate  Plan  Manage 05/19/16 . clear grasp of purposes and possibilities. Napoleon Bonaparte 39 Three main tasks: Consolidating and explaining the reference plans and risk analysis. Abstraction of analyses. Craft skills. Support and convince-what can or can not be done. Writing final report. An ultimate test of risk analyst’s craft skills. Involve a lot of craft-based on experience.RPM Plan the Project and the Management of its RiskPlans are nothing.

 Define RPM Key Deliverables: 1)Project Base Plan ready for implementation 2)Associated risks 3)Associated tasks are in relation with the deliverables Project Base Plan activities. ownership and associated resource usage/ contractual terms clearly specified. along with an assessment of alternative potential proactive and reactive responses. ownership. assessed in terms of impact given no response if viable and potentially desirable.  Focus  Identify  Structur e  Owners hip  Estimat e  Evaluat e  Plan  Manage Recommended proactive and reactive contingency plans in activity terms. positioned. precedence. precedence. other events or processes definig expenditures. including milestones initiating payments. initiating reactive contingency response. with timing. and impact assessment 40 M I Khan 05/19/16 . at the detailed level required for implementation. including trigger points. with timing. and an associated plan expenditure profile. Risk assessment in terms of threats and opportunities. and associated resources usage/ contractual terms where appropriate clearly specified.

41 M I Khan 05/19/16 .

Generic RMP Table 4.1 Generic RMP Chris page 50-51 42 M I Khan 05/19/16 .

I have never known a battle plan to survive a first contact with the enemy.  Define  Focus  Identify  Structur e  Owners hip  Estimat e  Evaluate  Plan  Manage 43 M I Khan 05/19/16 .RPM Manage the Project and its Risk.

Routine project planning meetings .Manage planned actions. Formal and informal monitoring at different levels and change control process at various levels. End-of project reviews involve higher level monitoing 3. implement planned project activities. 2. translating plans into actions seldom straightforward.Roll action plans forward 44 M I Khan  Identify  Structur e  Owners hip  Estimat e  Evaluat e  Plan  Manage 05/19/16 .Monitor.Manage Crisis 4. Define  Focus Four main tasks: 1. basis of project management. action phase.

PROJECT LIFE CYCLE (PLC) 45 M I Khan 05/19/16 .

Project Life Cycle Conce pt 46 M I Khan Planni ng Executio n Time Terminat ion 05/19/16 .

PLC 47 M I Khan 05/19/16 .

PLC Phases 48 Stages Steps Conceptualization Conceive Trigger event Concept capture Clarification of purpose Concept elaboration Concept evaluation Planning Design Basic Design Development of performance criteria Design development Design evaluation Plan Base plan Development of targets and milestones Plan development Plan evaluation Allocate Base design and plan detail Development of allocation criteria Allocation development Allocation evaluation M I Khan 05/19/16 .

PLC Phases 49 Stages Execution Execute Termination Deliver M I Khan Steps Coordinate and control Monitor progress Modification of targets and milestones Allocation modification Control evaluation Review Basic review Review development Review evaluation Support Basic maintenance and liability perception Development of support criteria Support perception development Support evaluation 05/19/16 .

Application of Risk Management in PLC Stages 50 Steps Conceive Identifying stakeholders and their expectations Identifying appropriate performance objectives Design Testing the reliability of design Testing the feasibility of design Setting performance criteria Assessing the likely cost of a design Assessing the likely benefits from a design Assessing the effect of changes to a design Plan Identifying and allowing for regulatory constraints Assessing the feasibility of plan Assessing the likely duration of a plan Assessing the likely cost of the plan Determining appropriate milestones Estimating resources required Assessing the effect of changes to the plan Determining appropriate levels of contingencies funds and resources M I Khan 05/19/16 .

Application of Risk Management in PLCStages Steps 51 Allocate Evaluating alternative procurement strategies Defining contractual terms and conditions Determining appropriate risk sharing arrangements Assessing the implications of contract conditions Assessing and comparing competitive tenders Determining appropriate targets costs and bid prices for contracts Estimating likely profits following project termination Execute Identifying remaining execution risks Assessing implications of changes to design or plan Revising estimates of cost on completion Revising estimates of completion time of execution stage Deliver Identifying risks to delivery Assessing feasibility of delivery schedule Assessing feasibility of meeting performance criteria Assessing reliability of testing equipment05/19/16 Assessing requirement for resources to modify M I Khan .

PLC- 52 Review Assessing effectiveness of risk management strategies Identifying of realized risk management strategies Support Identifying extent of future liabilities Assessing appropriate level of resources required Assessing profitability of the project M I Khan 05/19/16 .

Phases of RMP Stage of PLC Defin foc e us Projec t Identi Struct fy ure Ownersh ip Estim ate Evalua Plan te Manag e Concei ve Design Plan Allocat e Execut e Deliver review Suppor t 53 M I Khan 05/19/16 .

54 M I Khan 05/19/16 .

and 55 •Its purpose is to help plan and schedule the project so that all contingencies are embedded into the project core. •Risk matrix NOT designed to establish another list to do. M I Khan 05/19/16 .Risk Matrix and Developing Methodologies •Risk matrix as a tool to project risk management.

56 M I Khan 05/19/16 .

57 M I Khan 05/19/16 .

Some risks disappear when intensities are dimensioned. 58 M I Khan 05/19/16 . Work Breakdown Structure (WBS) at eacj level Each task/component is reviewed and ranked in terms of potential risks All risks racked up for risk matrix.Step-1: identify tasks with risks. other are ranked high and addressed with contingeny planning. The overall project risk is the sum of the individual risks associated with product development plus the risk associated with the market for the product.

59 M I Khan 05/19/16 .

STEP-2: Describe risk: A statement covering what could go wrong with the task. STEP-4: Estimate chance/ probability of risk event: Ranking risk in terms of 25. past history of similar projects 60 M I Khan 05/19/16 . 75 percent chance of occurance Mathematical probabilities Stakeholders views/ perceptions of risk ranking . 50. What-if analysis STEP-3: Determine Impact: is the change that could occur in key project indicators when risk occurs.

Probability of Occurrencethreat 61 M I Khan 05/19/16 .

Probability of OccurrenceOpportunity 62 M I Khan 05/19/16 .

63 M I Khan 05/19/16 .

a key supplier go out of business STEP-6: Identify root-cause: Analytic exercise that can eventually help manage risk Identifying rot causes in schedules and task definitions. Low-probability risk may have high severity. eg. Designed to correct an event or action that delays the schedule M I Khan or impacts the quality of work.STEP-5: Rank Risk by Severity: Risk may be high in probability but with minimal severity. thus cost of contingency is low. 64 STEP-7: Prepare contingency plan: A schedulable task addresses the likelyhood that a linked task will not work. 05/19/16 ..

65 M I Khan 05/19/16 .

PERT analysis establishing a buffer schedule for that contingency. the scenario planning is done (worst case-pessimistic. expected).STEP-8: Estimate schedule impacts using MS Project software: •Apply theory of constraints •When a predictable source or bottleneck is identified in the planning process. 66 M I Khan 05/19/16 . optimistic. creating a risk. STEP-9: Incorporate risk in schedules and establish buffers: • New pessimistic risk-based schedule is not base-lined into project but buffertime equal to difference between the expected and pessimistic durations is withheld for later use.

Symptoms and trigger action Risk may trigger a buffer How decisions will be made to help avoid last minute “crisis management. 67 M I Khan 05/19/16 .STEP-10: Identify triggers for applying buffers: Identify events or indicators that will trigger a buffer action based on risk.

quality Severity Contingency (high. plan medium . if applic able Project termination needs to be done earl as not lose money and time Cost/ Quality Low Enough 1 research should have been done to terminate the project before it got to far 05/19/16 M I Khan . cost. low) Ra nki ng Testin g Critical function needed by new system may be overlooked if not tested properly Technica l High Formal testing plan Test plan Test cases Testing schedule Method to log test results 5 Termi nation . schedul e.SAMPLE MATRIX 68 Risk Item Description of Risk Impact (techni cal.

Project and Organization Risk 69 M I Khan 05/19/16 .Building a Risk Management Culture  Prepare the organization  Risk: the Oragnizational Culture Issue  A cultur of risk management competncies  Link corporate and project plannng  Traning and Development in Risk  Project Experience  Learning Organization  Strong Functional managers Addresse Quality  Building the Culture  Addressing Risk with scenarios  Performance incentives  The Risk of “Blinders”  Personal.

Culture-Internal risk to projects Building culture is a process of developing: People in Organization who thinks and plan projects effectively Support by company systems Encourage people to think and plan effectively Culture of what-if approach Inculcating a culture of theoretical (could happen) and practical risks (likely to happen) 70 M I Khan 05/19/16 .

Preparing the Organization Culture is the way f doing work Risk management is likely to fail if organization does not address risk the way work is done. Risk management/ risk matrix is part of planning process in organizations. 71 M I Khan 05/19/16 .

72 Establish vision of risk based decisions Connect to Mbusinesses I Khan success Write manuals Use risk to help select Use risk to help manage Identify Develop online risk training program Use electronic 05/19/16 template for .